The Android app Craftsart Cartoon Photo Tools, which boasts north of 100,000 installs on the Google Play Store, was found stealing Facebook login details, giving the cybercriminals behind the app access to all the data in the victim’s Facebook account, including financial details, conversations and searches.
The cartoon-rendering app was removed after researchers at the mobile security company Pradeo alerted the Google Play team and shared their discovery.
While the app has been removed from the Play Store to keep more people from falling into the trap, anyone who still has it on their phone remains vulnerable to the people behind the spyware.
According to the researchers, the app contained a small piece of malicious code that was able to slip under the radar of Google Play Protect. Moreover, the app mimicked the features and design of popular photo editing apps to help it go undetected and look authentic.
How did the app steal Facebook credentials?
The app requires people to log in using their Facebook credentials to access the app.
So, as soon as a person who has installed the app launches it, the Facebook login page opens, and the app won’t allow further access unless the details are entered.
Once the Facebook login details are entered, they’re shared with the cybercriminals that own the app. With the credentials in hand, they can easily use the account for phishing and have access to all of the victim’s data too.
The researchers also linked the malicious cartoon app to Russia as the probable location of the perpetrators. The domain used for the app is registered in Russia, and the same domain can also be connected to various other malicious mobile apps that have surfaced over the past seven years.